This documentation is archived and is not being maintained.

<peerAuthentication> Element

Specifies authentication options for peer-to-peer clients.

For more information about peer-to-peer programming, see Peer to Peer Networking.

<peerAuthentication
   customCertificateValidatorType = "namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
   certificateValidationMode = "ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom" />

The following sections describe attributes, child elements, and parent elements.


Attribute Description

customCertificateValidatorType

Optional string. A type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom.

certificateValidationMode

Optional enumeration. Specifies one of three modes used to validate credentials. If set to Custom, then a customCertificateValidator must also be supplied. The default is ChainTrust.

revocationMode

Optional enumeration. One of the modes used to check certificate revocation lists (CRLs). The default is Online.

trustedStoreLocation

Optional enumeration. One of the two system store locations: LocalMachine or CurrentUser. This value is used when a service certificate is negotiated to the client. Validation is performed against the Trusted People store in the specified store location. The default is CurrentUser.

Child Elements


Parent Elements

Element Description

<peer> of <clientCredentials> Element

Specifies a credential used for authenticating the client to a peer service.

The <peerAuthentication> element corresponds to the X509PeerCertificateAuthentication class. This element specifies a validator, which is invoked during neighbor-to-neighbor authentication in the mesh. When a new peer tries to establish a neighbor connection, it passes its own credential to the responding peer. The responder's validator is invoked to verify the credential of the remote party. Whenever a peer connection is established in the mesh, both peers are mutually authenticated, meaning validators on both ends are invoked.

The following code sets the certificate validation mode to PeerOrChainTrust.

  <behavior name="MyEndpointBehavior">
    <clientCredentials>
      <peer>
        <certificate findValue=""
                     x509FindType="FindByIssuerName" />
        <peerAuthentication certificateValidationMode="PeerOrChainTrust" />
        <messageSenderAuthentication certificateValidationMode="None" />
      </peer>
    </clientCredentials>
  </behavior>
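
When certificateValidationMode is set to Custom, the type named in customCertificateValidatorType is the validator invoked for each neighbor connection. The following is an added example, not code from the original page or from Microsoft: the namespace Contoso.Mesh, the class PinnedPeerValidator, the assembly name in the comment, and the thumbprint are placeholders chosen for illustration.

```csharp
// Added example. Contoso.Mesh, PinnedPeerValidator and the thumbprint below
// are placeholders, not values from the original documentation.
//
// Assumed registration in the endpoint behavior (assembly named Contoso.Mesh):
//   <peerAuthentication certificateValidationMode="Custom"
//       customCertificateValidatorType="Contoso.Mesh.PinnedPeerValidator, Contoso.Mesh" />
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace Contoso.Mesh
{
    // Needs a public parameterless constructor so it can be created from config.
    public sealed class PinnedPeerValidator : X509CertificateValidator
    {
        // Allow-list of neighbor certificate thumbprints (placeholder value).
        private static readonly HashSet<string> Allowed =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "0000000000000000000000000000000000000000"
            };

        // Called with the remote peer's certificate. Returning normally accepts
        // the neighbor; throwing rejects the connection.
        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // Custom mode replaces the built-in chain and store checks, so the
            // validity period has to be enforced here.
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException(
                    "Peer certificate is outside its validity period.");

            if (!Allowed.Contains(certificate.Thumbprint))
                throw new SecurityTokenValidationException(
                    "Peer certificate is not on the allow-list.");
        }
    }
}
```

Because validators on both ends are invoked, every peer in the mesh needs the validator assembly and an allow-list that includes its neighbors. This validator performs no revocation check of its own.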